Aggregator

A buffer overflow vulnerability in Lenovo Protection Driver could allow local attackers with elevated privileges to execute arbitrary code on affected systems.  The vulnerability, designated as CVE-2025-4657, affects multiple Lenovo applications and poses significant security risks to desktop, ThinkCentre, laptop, and ThinkPad users. Key Takeaways1. Buffer overflow vulnerability allows attackers to execute arbitrary code and […]

The post Lenovo Protection Driver Vulnerability Let Attackers Escalate Privilege and Execute Arbitrary Code appeared first on Cyber Security News.

Microsoft has announced significant transparency improvements for its email security platform, introducing a new customer-facing dashboard that provides detailed visibility into threat protection effectiveness across organizations. The enhanced dashboard for Microsoft Defender for Office 365 represents a major step toward data-driven cybersecurity decision-making, offering security teams unprecedented insight into how their email protection systems perform […]

The post Microsoft Defender for Office 365 Gets Enhanced Threat Dashboard appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Russian premium vodka producer Beluga, owned by NovaBev Group, has fallen victim to a sophisticated ransomware attack that disrupted its IT infrastructure and operational capabilities.  The cyberattack, which occurred on July 14, 2025, represents an escalation in cybercriminal activities targeting major beverage companies, forcing the organization to implement emergency response protocols while maintaining its principled […]

The post Russian Vodka Producer Beluga Hit by Ransomware Attack appeared first on Cyber Security News.

You must login to view this content

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Cambodian police and military arrested more than 1,000 people in a crackdown on cyberscam operations that have proliferated in recent years in Southeast Asia and now are spreading globally, ensnaring hundreds of thousands of people in human trafficking schemes who are forced to run romance and other online frauds.

The post Cambodia Arrests More Than 1,000 in Cyberscam Crackdown appeared first on Security Boulevard.

A critical vulnerability in macOS allows attackers to escalate privileges to root access through misconfigured daemon services.  The vulnerability, dubbed “Daemon Ex Plist,” exploits weaknesses in how macOS handles service property list (plist) files and has been found to affect multiple popular VPN applications and other software. Key Takeaways1. macOS daemons left behind in /Library/LaunchDaemons/ […]

The post New “Daemon Ex Plist” Vulnerability Gives Attackers Root Access on macOS appeared first on Cyber Security News.